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Abstract 


This  paper  introduces  the  logic  of  a  control  action  S4F  and  the  logic  of  a  continuous 
control  action  S4C  on  the  state  space  of  a  dynamical  system.  The  state  space  is 
represented  by  a  topological  space  (X,  T)  and  the  control  action  by  a  function  /  from 
X  to  X.  We  present  an  intended  topological  semantics  and  a  Kripke  semantics,  give 
both  a  Hilbert-style  axiomatization  and  Gentzen-style  sequent  calculus  for  S4F  and 
S4C,  and  prove  completeness  with  respect  to  both  semantics,  a  cut-elimination  for  the 
sequent  calculi,  and  decidability  of  the  logics. 


1  Introduction 

Let  Ca  be  the  propositional  modal  language  generated  from  a  countable  set  PV  of  propo¬ 
sitional  variables,  the  propositional  constant  J_  (falsum),  the  propositional  connective  — > 
(implication),  and  the  modal  operator  □.  Let  Coa  be  the  propositional  language  extending 
Ca  which  includes,  in  addition,  a  new  modal  operator  [a]. 

Let  S4  denote  the  subset  of  Cna  consisting  of  all  formulas  derivable  from  a  standard 
axiomatization  of  classical  propositional  logic  together  with  the  axiom  schemes:  □(<£>  — > 
xj>)  — >  (□<£>  — )■  □</>),  n<p  — >■  <p  and  □</>  — >  □□</?,  using  the  inference  rules  of  modus  ponens 
( MP )  and  D-necessitation. 

We  develop  a  bimodal  extension  of  S4,  which  we  call  S4F,  in  the  language  Cna  with  the 
single  new  modal  operator  [a].  In  the  intended  topological  semantics  for  this  new  logic,  the 
S4  modality  □  is  interpreted  in  the  standard  way  as  the  topological  interior  operator,  and 
[a]  is  interpreted  as  the  inverse  image  /-1  (•)  for  a  fixed  total  function  /  :  X  — y  X  on  the 
state  space  X,  equipped  with  a  topology  T.  For  each  propositional  formula  p>  of  Coa,  IMI 
is  a  subset  of  X ,  and  ||[a]</?||  is  the  set  of  points  x  G  X  such  that  after  applying  the  function 
/  :  X  — y  X  interpreting  a ,  we  have  f(x)  G  ||<^||.  So  ||[a]<£>||  =  /-1  (||v?||).  The  set  map  /-1 
commutes  with  all  the  Boolean  operations  on  sets  and  the  axiom  schemes  for  S4F  reflect 
this:  [a\(ip  — >■  xp)  ►  ([a]<p  — f  [a]^)  and  -I[a]y>  The  [a]-necessitation  inference  rule 

corresponds  to  the  totality  of  /. 

When  the  function  /  is  continuous  with  respect  to  the  topology  T,  ||[a]y>||  is  an  open  set 
(closed  set)  whenever  ||v?||  is  open  (closed),  and  /  is  continuous  exactly  when  the  formula 

[<*]□¥>  ->  0[<x]<^> 

is  satisfied  (evalutes  as  the  whole  space  X)  for  each  <p  G  Caa- 

In  application  to  continuous  dynamics  in  hybrid  control  systems,  we  think  of  the  symbol 
“a”  as  denoting  a  “control  action”,  typically  a  vector  field  applied  for  a  fixed  duration,  so 
that  the  function  /  interpreting  a  is  a  section  of  a  flow  on  the  state  space  (manifold). 

In  dynamic  or  program  logics  (see,  for  eg.  [Ha84]  or  [KT90]),  formulas  of  the  form 

ip  -4-  [p]V> 
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where  p  denotes  a  program,  express  the  Hoare  partial  correctness  assertion  {95}  p  {('}'■  “if 
program  p  begins  execution  in  a  <p  state  then  it  will  terminate  in  a  1 ft  state”.  In  the  logic 
S4F,  formulas  of  the  form: 

can  be  read  as:  “whenever  then  action  a  always  makes  it  the  case  that  9?”  or  more 
succinctly,  “action  a  always  takes  xf)  states  to  ip  states”.  Such  a  formula  is  true  (evaluates  as 
the  whole  space)  in  a  topological  model  T  =  (X,T,  /;  £)  exactly  when,  for  all  x  G  X: 


X  e  |MI€  implies  f(x )  €  ||^||( 

where  £  is  a  valuation  of  atomic  propositions  as  subsets  of  X.  More  generally, 

0  -*  wv 

reads  “k  iterations  of  action  a  always  takes  ip  states  to  <p  states”,  where  [a]°p  is  just  <p  and 
[a]k+1<p  is  [a][a]k<p. 


In  this  paper,  we  concentrate  on  the  (classical)  logic  of  a  single  control  action.  We  present 
a  topological  semantics  and  a  Kripke  semantics,  give  both  a  Hilbert-style  axiomatization 
and  a  Gentzen  sequent  calculus  for  the  logic  S4F,  prove  completeness  with  respect  to  both 
semantics  as  well  as  a  semantic  proof  of  cut-elimination  for  the  sequent  calculus  and  show 
the  logic  to  be  decidable. 


2  Syntax  and  Topological  Semantics 

Definition  2.1  Let  £□„  be  the  propositional  language  generated  from  a  countable  set  AP  of 
atomic  propositions,  the  propositional  constant  _L  (falsum),  the  propositional  connective  — J- 
(implication),  and  the  modal  operators  □  and  [a]. 


Within  the  language  £Qo ,  we  can  define  in  the  usual  way  the  propositional  constants  and 
the  other  classical  propositional  connectives  in  terms  of  JL  and  — the  diamond  operators  O 
and  (a)  as  the  classical  duals  of  □  and  [a],  respectively: 


T  = 

o 

“*¥>  = 
<p  fwj)  = 
ipV  ip  = 
<p  *4  lj)  = 
Oip  = 
<«>¥>  = 


-a 

<p -L 

->(<p  ->  ->V’) 
-xp  ip 
(</?-)■  f))  A  (0 

— id- np 

~ '[a]- '9? 


v) 
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Definition  2.2  A  topological  structure  for  the  propositional  language  Caa  is  a  triple  X  = 
(X,T,f)  where 

•  X  y ^  0  is  the  state  space; 

•  7"  C  V{X)  is  a  topology  on  X  (i.e.  0,  X  £  T,  and  T  is  closed  under  arbitrary  unions 
and  finite  intersections);  and 

•  f  :  X  — >■  X  is  a  total  function. 

Note  that  at  this  stage,  /  is  not  assumed  to  be  anything  other  than  total;  in  particular,  it  is 
not  assumed  to  be  continuous  w.r.t.  T. 


Definition  2.3  A  valuation  for  a  topological  structure  X  =  (X,  7”,  /)  is  any  map  £  :  AP  — > 
V(X)  assigning  a  subset  £(p)  C  X  to  each  p  €  AP.  Each  such  valuation  uniquely  extends 
to  a  valuation  map  ||-||^  :  Caa  — >  V(X),  satisfying  the  following  clauses: 

INI*  =  «p) 

II -Ml*  =  0 

=  -  IINI* u  IMI* 

ll«=MI*  =  intr{  Ml*) 

IIHvllf  =  /"‘(Hi) 

where  intq-  is  the  interior  operator  determined  by  the  topology  T,  i.e.  for  all  A  C  X, 

intr(A)  =  [j{U  €  T  \  U  C  A} 

and  f~l  is  the  inverse-image  operator  determined  by  the  total  function  f: 

f-'(A)  =  {x€X|/(x)eA} 

Definition  2.4  A  topological  model  for  Caa  is  a  pair  (X,  f),  where  X  =  (X,  T, /)  is  a 
topological  structure  for  Caa  and  :  AP  — >  V(X)  is  a  valuation  for  X. 


Definition  2.5  Let  (p  €  £□<,  be  a  propositional  formula. 

•  <p  is  satisfied  at  a  state  x  £  X  in  a  topological  model  (X, £)  iff  x  £  ||(^||^. 

•  ip  is  true  in  a  topological  model  (X,  £),  written  (X,  £)  |=  p>,  iff  ||y>|L  =  X; 

•  ip  is  valid  in  a  topological  structure  X,  written  X  | =  ip,  iff  for  all  valuations  £  for  %, 
we  have  ||y>||^  =  X; 
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•  </?  is  topologically  valid  iff  %  <p  for  every  topological  structure  X  =  (X,  'T,  f)  for  Caa  ■ 


The  topological  semantics  for  the  defined  constants,  connectives  and  modal  operators  are 
as  one  would  expect. 

imi€  =  x 
imL  =  -IMI* 

\\<p*n<  =  Mi* n  imi* 
ii^v^ii,  =  iMieujjV’ii, 

ll<Vll,  =  cir(Ms) 

IK«>*>II<  =  -/-■(-  IMI<) 

where  clj  is  the  closure  operator  determined  by  the  topology  T,  i.e.  for  any  AC  X, 

clj-(A)  =  —int‘ 7 —  (A) 

=  f){C\-CeTandACC} 

Observe  that  for  any  topological  structure  X  =  (X,  T,  /)  and  valuation  £  for  X, 

\\<p  -»•  V»IU  =  x  iff  llpllc  C  ||*||' 

More  generally, 

\\<P  -»■  *||c  =  {x  €  X  I  if  X  €  |M|€  then  x  €  ||*||{  } 

The  proposed  reading  of  formulas  of  the  form: 

*  [*]<P 

as  “action  a  always  takes  if  states  to  <p  states”  is  based  on  the  fact  that  in  any  topological 
model  (X,  £), 

(X,0  1=  ip  [a\<p  iff  for  alia:  G  X,if  x  G  \\tf\\^  then  f(x)  6  ||v?||^  . 

We  can  embed  Intuitionistic  propositional  logic  Int  within  S4  via  the  standard  Godel 
translation  by  ”Boxing”  all  propositional  variables,  i.e.  dp,  and  defining  Intuitionistic  nega¬ 
tion  ~  and  Intuitionistic  implication  as: 

~  (p  =:  □(-!<£>) 

(p  ^  if  =  (H(<p  — >•  if) 

Topologically,  this  means  that  in  the  Intuitionistic  semantics,  all  propositional  variables 
denote  open  sets,  Intuitionistic  negation  corresponds  to  the  interior  of  the  complement,  and 
Intuitionistic  implication  corresponds  to  the  interior  of  classical  implication. 


3  Hilbert-style  Axiomatization 


Definition  3.1  The  Hilbert-style  proof  system  for  the  logic  S4F  has  the  following  axiom 
schemes ,  in  the  language  £□„: 


CP  :  axioms  of  classical  propositional  logic  in  £□„ 

□K  :  □(y?  — y  tj>)  — >■  {Op  — y  □V’) 

□T  :  Op  ^ 

□4  :  — y  □□  ip 

[a]K  :  [a](y>  -4  0)  {[a]p  ->•  [a]xj>) 

[a]-> :  [a]-^  ^  -,[a]</? 

and  the  inference  rules: 


modus  ponens  : 

□  —  necessitation  : 
[a]  —  necessitation  : 


<p 

[a](p 


We  write 

S4F  \~u  ip 

or  say  p  is  S4F u  provable,  if  the  formula  p  6  Caa  has  an  S4F  Hilbert-style  derivation. 


The  axiom  schemes  OK,  DT  and  04,  together  with  CP,  and  the  rules  of  modus  ponens 
and  d-necessitation,  constitute  the  standard  Hilbert-style  proof  system  for  propositional  S4. 
From  McKinsey  and  Tarski  [McK41],  [MT44],  the  S4  axioms  are  true  in  every  topological 
space  (X,T)  and  hence  true  in  every  topological  structure  X  =  (X,T,  /),  and  the  inference 
rules  are  truth-preserving  (i.e.  if  the  hypotheses  evaluate  as  the  whole  space  X,  then  so  does 
the  conclusion). 

The  axioms  [a]K  and  [a]->  for  the  [a]  modality,  together  with  the  [a]-necessitation  rule,  can 
be  found  in  [Lem??]1,  where  the  uni-modal  logic  is  given  the  name  KF  (“F”  for  “function”). 
The  logic  KF  is  identified  as  characteristic  for  total  (serial)  and  functional  (deterministic) 
binary  relations  in  the  Kripke  semantics.  In  a  sense,  the  [a]  operator  is  nothing  more  than  the 
“next-time”  or  “next-state”  modality  of  temporal  logics2,  given  a  more  abstract  semantics. 

1The  source  manuscript  of  the  “Lemmon  Notes”  [Lem77]  is  dated  1966,  and  was  a  collaboration  of  E.  J. 
Lemmon  and  Dana  Scott.  It  was  edited  for  [Lem77]  by  Krister  Segerberg. 

2The  first  appearance  of  the  KF  axioms  seems  to  be  in  A.  N.  Prior’s  [Pri57]  as  the  axioms  for  the 
“tomorrow  it  will  be  the  case  that”  modality,  and  appear  again  in  that  guise  in  [Seg67].  See  also  Appendix 
B  of  Prior’s  [Pri67]. 
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The  novelty  here  lies  in  combining  it  with  the  S4  □  and  O  modalities  to  give  symbolic 
representation  to  a  topology  as  well  as  an  arbitrary  function. 

The  converse  of  [«]K  is  derivable  as  follows: 

1.  [a]ip  -4  [a]ip  hypothesis 

2.  ->[a]<£>  V  [a]ip  from  1.  by  propositional  logic 

3.  [a]->y?  V  [a]ip  from  2.  by  [a]i  and  propositional  logic 

4.  — >•  (ip  — >  ip)  tautology  of  propositional  logic 

5.  [a]  (-' <p  -4  (9?  — >  ip))  from  4.  by  [a]— necessitation 

6.  [a] ->9?  -4  [a] (95  -4  V>)  from  5.  by  [a]K 

7.  ip  — >■  (9?  -4  V’)  tautology  of  propositional  logic 

8.  [a]  (ip  — >  (97  -4  ^/>))  from  7.  by  [a]— necessitation 

9.  [a]V>  -4  [a] (9?  -4  ip)  from  8.  by  [a]K 

10.  [a]( 9?  -4  •0)  from  3. ,6.  and  9.  by  propositional  logic 

Hence  [a]  commutes  with  each  of  the  classical  (Boolean)  propositional  connectives.  Thus 
as  a  modal  operator,  [a]  is  classically  self-dual,  since  in  S4F #, 

(<1)9?  <4  ->[a]-i9?  44  -'-'[a] 9?  44  [0)9? 


The  following  are  S4F h  provable,  for  any  formulas  9?,  ip  €  Coa  and  k  G  N,  where  if  fc  >  0, 
[a]fc9>  denotes  the  formula  [a] [a]... [a] 9?,  with  k  iterations  of  the  [a]  operator  and  if  k  =  0,  then 
[d\kp  is  just  ip. 

[a]fc->  :  ->[a]fc9 0  44  [a]fc-l9> 

[a]fc  -4:  [a]fc(9>  -4  ip)  44  ([a]  V  -4-  [a]kip) 

[a]fcA  :  [a]*(9?  A  ip)  44  ([a]k<p  A  [a]*V>) 

[a]fcV  :  [a]fc(9>  V  ip)  44  ([a]V  v  [a]*V0 

[a]fcT :  [a]fcT 

[a]fc±  :  [a]k  1  44  X 

[a}kO  :  [a\knip  -4  [a]k<p 

[a]fcO  :  [a]fc ip  -4  [a]fc<>9? 

The  following  are  admissible  inference  rules  in  S4F#,  for  any  formulas  <p,ip,x  G  Caa  and 

k,l  €  N: 

W.  9> 

—  necessitation  :  f  -1t. 

,a]  V 


Monotonicity  of  [a]* : 


9 y  ^  ip 

MV  -*  MV 


Hoare  composition  : 


y  ->•  Mfex>  x  -»  MV 

9>  -4  [a]fc+V 
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Observe  that  there  are  no  axioms  for  S4F  containing  both  □  and  [a],  so  the  behaviors 
of  the  two  modalities  are  quite  independent  and  the  logic  can  be  thought  of  as  a  “direct 
product”  of  S4  and  KF.  When  we  adjoin  a  true  bimodal  axiom  such  as 

Cont  :  n  Hv5 

the  result  is  a  richer  “amalgamated  product”  of  S4  and  KF. 

Proposition  3.2  Topological  Soundness  of  S4F  Hilbert-style  axiomatization 
For  all  formulas  <p  of  Cna,  If  S4F  \~u  p  then  p  is  topologically  valid. 

Proof.  The  topological  validity  of  the  S4  axioms  for  □  plus  the  validity-preservation  of 
modus  ponens  Q-necessitation  follow  trivially  from  the  properties  of  the  interior  operator; 
see  [McK41],  [MT44].  The  semantical  validity  of  the  [a]-necessitation  rule  translates  as 

IMI*  =  x  implies  /_1  (|MI*)  =  X 

and  the  equation  f~1(X)  =  X  holds  exactly  when  f  :  X  —¥  X  is  a  total  function.  The 
validity  of  the  F  axioms  for  [a]  are  immediate  from  the  properties  of  the  inverse-image 
operator.  ■ 


4  Sequent  Calculus 

We  give  a  Gentzen-style  sequent  calculus  for  the  logic  S4F.  In  the  following,  ip  and  ip  are 
arbitrary  formulas  of  the  language  £□„  and  T  and  A  (with  or  without  subscripts)  are  (possibly 
empty)  multisets  of  formulas  of  £0o  (i.e.  finite  ’’sets”  in  which  repetitions  are  allowed,  so  we 
can  ignore  the  Exchange  rules  required  in  Gentzen  systems  that  treat  sequences  of  formulas 
rather  than  multisets).  The  join  or  union  of  two  multisets  T  and  A  is  written  T,  A,  and 
either  T,p  or  p ,  T  denote  the  multiset  resulting  from  the  join  of  T  and  the  multiset  whose 
sole  member  is  <p.  A  sequent  is  an  expression  of  the  form  T  =>  A;  the  multiset  T  on  the  left 
is  called  the  antecedent ,  and  the  multiset  A  on  the  right  is  called  the  succedent. 

If  multisets  of  formulas  T  and  A  are  {{pi,  ...,<£>„}}  and  {{ip i, ...,  ipm}},  respectively,  then 
the  sequent  T  =$>  A  translates  as  the  propositional  formula 

(<pi  A  ...  A  (pn)  -*■  (V’l  V  ...  V  ipm) 

of  £oa>  and  is  abbreviated  as: 

Ar^VA 

In  addition,  we  use  DT  and  [a]T  as  abbreviations  for  the  multisets 

{{  DPu-,aPn  }}  and  {{  [a]<p\, ...,  [a\pn  }} 

respectively. 
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Definition  4.1  The  Gentzen-style  sequent  calculus  for  the  logic  S4F  has  the  following  ax¬ 
ioms  and  rules. 

1.  Classical  propositional  logic  axioms  and  rules  for  {X,— >■}; 

(Axiom)  :  <p  =>■  ip  (X  =>•)  :  X  =4> 

Fi  =»  Ai,y  r2  =»  A; 

1  1  i\,r2=s- a,,a2  '  ’  r=s-A ,<?-></> 

2.  Structural  rules: 

r  =>  a  r  ^  a 

(  =►)  :  -~—r  (=*  Weak)  :  - — 

v  ’  v?,r=^A  v  ’  r=>A,<^ 


(Q,n<r=».)  :  (=*■  Contr)  :  F,f  A;y’y 

v  ’  y>,r=^A  v  ’  r=^A,^ 


(Cfct)  : 


Tt  =»•  Ai,y>  y,r2  =>■  A2 
ri,r2  Ai,a2 


5.  S4  rules  for  □. 


.  v?,  r  =*>  a  .  .  ar 

^  □<£>,  r  =>  a  ^  ar  =»  □</? 


KF  rule  for  [a]; 


JFe  write 


(M  =>■  W)  : 


r  =»  a 

[a]T  =>•  [a]  A 


S4F  ho  r  A 


if  the  sequent  T  ^  A  in  the  language  £aa  /ias  a  S4F  sequent  calculus  derivation,  and  we 
write 

S4F  r  =>  A 

i/  sequent  T  =£>  A  m  the  language  £pa  has  a  cut-free  S4F  sequent  calculus  derivation. 


Note  that  1.,  2.,  3.  constitute  a  Gentzen-style  proof  system  for  S4  (cf.  [TS96]). 


Proposition  4.2  Equivalence  of  Sequent  Calculus  and  Hilbert-style  proof  system  for  S4F 
Let  T  and  A  be  multisets  of  formulas  of  Caa>  and  let  ip  be  any  formula  of  Caa. 
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(i)  7/S4F  hG  r  =►  A  then  S4F  \-H  A  r  -+  V  A- 

(ii)  7/S4F  h/f  9?  then  S4F  her  =4- 

Proof,  (i)  Proceed  by  induction  on  the  complexity  of  the  S4Fq  sequent  calculus  derivation 
of  T  =*  A.  Since  1.,  2.,  3.  axiomatize  a  sequent  variant  of  S4  it  suffices  to  verify  the  rule 
concerning  the  modality  [a]. 

So  assume  the  last  rule  applied  in  the  derivation  of  T  =>  A  is  ([a]  =£>  [a]),  and  the 
result  holds  for  the  upper  sequent  of  the  rule:  T  is  [a]T'  and  A  is  [a]  A',  and  the  sequent 
r  =>■  A  is  derived  from  T'  =>  A'  by  the  ([a]  =>  [a])  rule.  By  the  induction  hypothesis, 
S4F  I-#  /\  T  — >•  V  A*  Then 

1.  /\  P  -4  \/  A'  induction  hypothesis 

2.  [a]  (/\  P  — )•  V  A')  from  1.  by  [a]— necessitation 

3.  [a]  /\  T'  — >  [a]  \/  A'  from  2.  by  [a]K 

4.  [a]  AT'  «4  theorem  of  S4Fjy 

5.  [o]  V  A'  •(->■  V[a]A'  theorem  of  S4F# 

6.  A[a]r'  -t  VHA'  from  3. ,4.  and  5.  by  propositional  logic 

(ii)  We  show  that  each  of  the  axioms  of  S4F//  are  derivable  in  S4Fg,  and  that  each  of 
the  inference  rules  of  S4F#  are  preserved  in  S4F<?.  For  the  axioms  and  rules  of  S4  this  is 
known  ([TS96]). 

Consider  [a]- necessitation.  Assume  S4F  I~g  =>  <p.  Then  applying  ([a]  =>  [a])  (with  empty 
antecedent)  we  obtain  S4F  I~g  =£-  [a]p. 

Axiom  WK: 

<p  =$■  (p  ip  ^  ip  ( Axioms ) 

y>,  y?  — >-  =»  V>  (— fr-^) 

[a]y?,  [q](y>  ^  V>)  =»  [q]V>  ([a]  =*>  [a]) 

[a](y  -»  ip)  =»»  \a\fp  -»  [a]ip  (=»-»•) 

=*  [aj(<y5  -4  $)  -4  {[a)<p  -4  [a\xp)  (=*-4) 

Axiom  [a]-«,  the  — ►  direction  ( not  an  Intuitionistic  derivation) 

p  =>  <p  (Axiom) 

<p  <p,l.  Weak ) 

-L)  (=*-»•) 

=»  [g](p,  [g](y  -4  1)  ([a]  =►  [a])  -L  =>•  (!=*•) 

[a]y?  — >•  _L  [a](</3  — »  -L)  (— ^=r») 

=>  ([%  -»•  -L)  [a](¥>  -4  -L)  (=►-»>) 
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Axiom  [a]-',  the  <—  direction: 

cp  =$>  ip  (Axiom)  ±  =>  (_L  =3>) 

(y  -» -1-).  y  (->•=») 

[a](y>  -L)>  [«jy  =»  (H  =►  M) 

[a](c/?  — >■  ±),  [a]y  =$•  ±  (=^  Weafc) 

[<*1(y  ->!)=>  [a]ip  -A  -L  (=^~0 

=*•  M(y  ->■  -L)  ->  (My  -•-)  (=^“0 


We  conclude  this  section  with  some  rules  admissible  in  the  cut-free  sequent  calculus 
S4F<3-,  which  are  used  in  the  proof  of  completeness  in  Section  6. 


Proposition  4.3  Let  T  and  A  be  multisets  of  formulas  of  Caa>  let  y5  ip  be  formulas  of  Caa, 
and  let  k  €  N.  The  following  rules  are  admissible  in  the  cut-free  sequent  calculus  S4F(?-. 

n]k _ .  .  \  .  r=»[g]V  [g]V=»A 

'  *  [a]fc(y>  “j ►  0)?  r=>  a 


(=►  M*  ->) : 


[a]  V,  r  =»  A,  [g]  V 
T  A,  [a\k(<p  — y  ip) 


(M*°  =►)  : 


[a]k<p,  r=^  A 
[g]*ny>,  r=»  A 


Proof.  An  argument  is  a  pretty  standard  one  for  cut-free  derivations.  A  straightforward 
strategy  in  each  case  should  be  to  first  apply  the  appropriate  connective/modality  rule, 
(—*•=£-),  (=^— >■)  and  (□  =*>),  respectively,  then  deal  with  the  [a]*  prefix.  We  leave  this  to  a 
reader  as  a  routine  exercise.  ■ 


5  Kripke  Semantics 

Definition  5.1  A  Kripke  frame  for  £□„  is  a  triple  K,  =  (W,  R,  F),  where 

•  W  /  0  is  a  set  of  “worlds”; 

•  RC  W  xW  is  a  reflexive  and  transitive  binary  relation  on  W;  and 

•  F  :W  -»  W  is  a  total  function  on  W. 

A  Kripke  frame  JC  =  (W,  R,  F)  is  called  finite  iff  W  is  a  finite  set. 
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By  standard  arguments,  reflexive  and  transitive  binary  relations  capture  precisely  the 
S4  □  modality.  As  in  [Lem77],  §4,  pp.  60-61,  a  total  function  F  :  W  — »■  W  is  used  to 
interpret  the  [a]  modality.  If  one  prefers  to  interpret  modalities  with  a  binary  relation  on 
W,  take  Q  =  graph(F).  Then  as  a  binary  relation,  Q  is  both  “total”  and  “functional”,  i.e. 
for  all  to  E  W,  there  exists  a  unique  v  E  W  such  that  (to,  v)  E  Q.  The  “totality”  or  “serial” 
condition:  every  to  E  W  has  at  least  one  Q-successor,  is  characteristic  for  the  deontic  scheme: 

[a]D  :  [a]p  — y  (a)p 

The  converse  scheme: 

[a]Dc  :  {a)p  -»  [a}p 

is  characterized  by  the  “functionality”  or  “determinism”  condition:  every  to  E  IT  has  at 
most  one  (^-successor. 

Definition  5.2  A  valuation  for  a  Kripke  frame  1C  =  (IT,  R ,  F)  is  a  map  rj  :  W  — >  V(AP ) 
assigning  a  set  of  atomic  propositions  rj(w )  C  AP  to  each  world  w  E  W .  Each  such  valuation 
for  JC  determines  a  forcing  relation  lb^=lb^C  W  x  AP  defined  by 

w  lb,  p  iff  p  E  t](w) 

which  uniquely  extends  a  forcing  relation  Ib^C  W  x  Caa  (with  the  same  name)  on  all  formulas 
of  Caa,  by  the  following  clauses: 

(i)  w  IK,  -Wy?  iff  w  c p; 

(ii)  w  lh^  ip  -4  xj)  iff  w  (p  or  w  IK, 

(iii)  w  IK,  Op  iff  for  all  v  E  W,  if(w,v )  E  R  then  v  lhn  (p ; 

(iv)  to  IK,  [a}p>  iff  F( to)  lb„  p. 
for  all  to  E  W ,  and  all  <p,  ip  E  £aa* 

If  Q  =  graph(F),  then  by  the  total  functionality  of  Q,  this  last  clause  is  equivalent  to 

to  lhn  [a]<p  iff  for  all  v  E  W,  if  (to,  v)  E  Q  then  v  IK/  P- 

Definition  5.3  A  Kripke  model  for  £□„  is  a  pair  (/C,  rf),  where  K,  =  (IT,  R,  F )  is  a  frame 
for  Caa  o,nd  rj  :W  —>  V{AP)  is  a  valuation  for  K. 

Definition  5.4  Let  p  be  a  propositional  formula  of  Cna- 

•  p  is  satisfied  (or  forced,)  at  a  world  to  E  IT  in  a  Kripke  model  (fC,r])  iff  to  IH^  p; 
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•  (p  is  true  in  a  Kripke  model  (£,77),  written  ( JC,r] )  lh  <p,  iff  for  all  worlds  w  €  FF,  we 
have  w  ip; 

•  ip  is  valid  in  a  frame  K,  written  fC  lh  ip,  iff  for  all  valuations  r]  :  FF  — >•  V{AP )  for  K, 
we  have  (1C,  rj)  lh  ip; 

•  <p  is  Kripke  valid  iff  for  all  frames  1C  for  Caa,  fC  lh  ip. 


Proposition  5.5  Kripke  Soundness  of  S4F  Hilbert-style  proof  system 
For  all  formulas  ip  of  Caa,  if  S4F  h h  (p  then  <p  is  Kripke  valid. 

Proof.  The  required  verification  is  that  each  of  the  axioms  of  S4F#  are  Kripke  valid,  and 
that  the  inference  rules  of  S4F#  preserve  Kripke  validity.  For  the  axioms  CP  of  classical 
propositional  logic  and  for  modus  ponens ,  this  is  trivial.  The  verification  for  the  S4  axioms 
K,  T  and  4,  and  the  d-necessitation  rule  follow  the  standard  proof  of  soundness  of  the 
class  of  transitive  and  reflexive  frames  for  S4;  see,  for  example,  [HC96],  pp.56-57.  For  the 
[a]-necessitation  rule,  suppose  <p  is  Kripke  valid,  let  JC  =  (FF,  R,  F)  be  a  frame  for  Caa,  and 
let  rj  be  a  valuation  for  1C.  Since  <p  is  Kripke  valid  and  F(w)  €  FF  since  F  is  total,  we  have 
F(w)  lh,  ip.  Hence  w  lh,,  ip.  Hence  [a]<p  is  also  Kripke  valid.  The  verification  of  the  validity 
of  the  [a]K  and  [a]F  axioms  is  also  straightforward,  taking  as  a  starting  point  the  fact  that 
for  any  formula  ip  and  any  w  €  IF,  either  F(w)  lh,  ip  or  F(w)  lh,  ip,  and  then  crunching 
through  the  definitions  of  forcing  for  — ¥  and  [a].  ■ 


Proposition  5.6  For  all  formulas  ip  of  £pa, 

if  T  |=  ip  for  all  topological  structures  X  for  Caa, 
then  1C  lh  ip  for  all  Kripke  frames  1C  for  £aa. 

Proof.  Given  a  Kripke  frame  1C  =  (H7,  R,  F)  be  a  for  Caa,  define  Tr  to  be  the  topology  on 
W  which  has  as  a  basis  the  collection  of  all  sets 

Bw  =  {u  e  W  I  (w,v)  €  R}3 

So  Bw  is  the  set  of  all  R- successors  of  w.  Note  that  w  €  Bw  (by  the  reflexivity  of  R)  and 
v  G  Bw  implies  Bv  C  Bw  (by  the  transitivity  of  R),  so  Bw  =  |Jv€Bw  Bv.  It  is  readily  verified 
that  for  any  set  A  C  FF,  we  have: 

intrR(A)  =  {to  €  W  |  Bw  C  A} 

=  {w  €  FF  j  for  all  v  6  FF,  if  (w,  v)  €  R  then  v  E  A} 

3The  topology  Tr  is  variously  known  as  the  “cone  topology”  (generated  from  ft-cones  Bw)  and  the 
“Alexandroff  topology”  (from  [Ale56],  where  R  is  a  partial  order).  Grzegorczyk  uses  an  equivalent  topology 
in  [Grz67]. 
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In  particular,  an  open  set  U  G  Tr  is  a  neighborhood  of  w  iff  Bw  C  U. 

Since  F  :  W  — >  W  is  a  total  function,  the  induced  structure  Xjc  =  (W,Tr,F)  is  a 
topological  structure  for  Cna •  Given  a  valuation  r\  :  W  — >•  V(AP )  for  /C,  define  its  dual 
valuation  :  AP  ->  V{W)  for  Xjc  by: 

w  €  £„(p)  iff  p  €  p(w) 

for  all  p  6  AP  and  w  £\V.  A  simple  induction  on  formulas  establishes  that  for  all  <p  6  £a0 
and  all  w  G  IT, 

10  €  IMI*,  iff  w  lb,  <p 

Hence 

(Sac,  6>)  f=  ¥>  iff  (^77)lt*'P 

and  the  result  follows.  ■ 


6  Kripke  Completeness  for  S4F 

Our  task  in  this  section  is  Kripke  completeness  for  S4F,  together  with  the  finite  model 
property,  and  a  semantic  proof  of  cut-elimination.  We  prove  that  for  all  sequents  To  Ao 
in  the  language  £□<,,  if  To  =>•  Ao  does  not  have  a  cut-free  proof  in  S4Fg-,  then  there  is  a  finite 
Kripke  model  ( fC ,  rf)  for  Caa  such  that  at  a  world  wq  of  1C,  we  have  w0  if  5"  /\  T0  — >•  V  Ao,  i.e. 
wo  Ib^  <p  for  each  formula  <p  occurring  in  the  antecedent  To,  and  w0  if^  ip  for  each  formula 
t/>  occurring  in  the  succedent  Ao. 

The  fundamental  notion  is  that  of  a  saturated  sequent.  A  sequent  T  A  in  the  language 
Cna  (in  fact,  in  the  language  £□)  is  called  S4  saturated  iff  each  the  following  conditions  hold: 


(1.)  if  <p  — >  ip  G  T  then  either  rp  G  T  or  G  A; 

(2.)  if  <p  — ip  G  A  then  both  <p  G  T  and  ip  €  A; 

(3.)  if  □</?  G  T  then  <p  G  T, 

for  all  ip,ip  G  £oa(£o)-  Trivially,  the  empty  sequent,  0  =$>  0,  is  S4  saturated. 

.  Variants  of  the  notion  of  saturation  for  sequents  are  found  throughout  the  modal  and 
non-classical  logic  literature;  see,  for  example,  [AS93],  [Av84].  This  notion  is  intimately 
related  with  the  notion  of  a  set  of  signed  formulas  as  a  consistency  property  in  [Fi83].  The 
saturation  algorithm  below  is  modelled  on  that  of  [AS93].  Here,  we  strengthen  the  notion  of 
saturation  to  deal  with  the  [a]  operator. 


Definition  6.1 

A  sequent  T  =>  A  of  £□„  is  called  S4F  saturated  iff  each  the  following  conditions  hold: 
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(1.)  if[a]k(ip  -+  tj))  G  T  then  either  [a]kip  GT  or  [a]kip  €  A; 

(2.)  if  [a]k(ip  — »■  VO  €  A  then  both  [a]kp  G  T  and  [a]kip  G  A; 

(3.)  i/[a]fcD<^  €  T  then  [a]k(p  G  T; 

/or  a//  <p,  if>  €  Caa  and  k  G  N. 

It  is  immediate  that  if  T  =>  A  is  S4F  saturated,  then  T  A  is  S4  saturated,  since  S4 
saturation  is  just  the  case  of  k  =  0  in  each  of  conditions  (1.),  (2.)  and  (3.).  In  the  stronger 
notion  of  S4F  saturation,  we  require  that  subformulas  behave  “appropriately”  with  respect 
to  iterated  [a]fc’s.  Note  that  each  of  the  conditions  is  reflected  in  an  admissible  rule  for 
S4Fg-,  as  given  in  Proposition  4.3. 

As  a  technical  point,  SubFormfToU  Ao)  should  be  treated  as  a  multiset:  for  each  formula 
ip  occurring  in  the  multiset  To  U  A0,  the  multiset  of  all  subformulas  of  <p  is  contained  in 
SubF orm(T o  U  Ao).  In  particular,  expressions  of  the  form 

r  U  A  C  SubForm(To  U  Ao)  (1) 

are  to  be  read  as  multiset  inclusion.  Given  a  sequent  To  =4>  Ao,  there  are  only  finitely  many 
sequents  (r  =>  A)  of  £q0  such  that  the  equation  above  is  satisfied. 

Lemma  6.2  S4F  Saturation 

For  each  sequent  T0  =r>  A0  of  £aa, 

if  S4F  Y a-  To  =>  A0,  then  there  is  an  S4F  saturated  sequent  r  =4>  A  such  that 

(a)  r0crc  SubForm(T0  U  Ao); 

(b)  Ao  C  A  C  SubForm(To  U  Ao); 

(c)  S4FPG_r=^A. 

Moreover,  by  determinizing  the  algorithm  which  produces  such  a  saturated  sequent  from 
input  To  =>•  Ao,  we  may  take  the  output  T  =$>  A  to  be  unique,  and  denote  it  Sat(To  =>  Ao), 
the  S4F  saturation  of  T0  =£•  Ao. 

Proof.  We  expand  on  the  saturation  algorithm  of  [AS93],  taking  care  to  eliminate  any  non¬ 
determinism.  Given  as  input  a  sequent  To  =4>  Ao  in  the  language  Caa  such  that  S4F  PG_ 
r0  ^  A0,  we  construct  a  finite  tree  T(r0  =£-  A0)  labelled  with  sequents  of  such  that: 

(i)  the  root  node  of  T(Fo  =>•  Ao)  is  labelled  by  ro  =>•  Ao; 

(ii)  all  sequents  T  A  labelling  nodes  in  T(r0  =>•  A0)  satisfy: 
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(a)  r0crc  SubForm(r0  U  A0); 

(b)  Aq  C  A  C  SubForm(To  U  Ao). 


The  algorithm  requires  a  sub-routine  Marking,  which  is  a  book-keeping  device  for  keep¬ 
ing  track  of  which  formulas  have  been  dealt  with  or  are  yet  to  be  dealt  with. 

Marking(r  =*•  A):  Mark  each  occurrence  of  a  formula  in  T  U  A  with  either  a  “0”  (yet  to 
be  dealt  with)  or  a  “1”  (dealt  with)  as  follows: 

•  Each  occurrence  of  a  propositional  variable  or  A  in  T  U  A  is  marked  “1”. 

•  For  each  occurrence  of  a  formula  [a]k(y>  — >  ip)  in  T,  if  there  is  no  occurrence  of  [a]kip  in 
T  and  there  is  also  no  occurrence  of  [a]k<p  in  A,  then  mark  the  [a]k(<p  -4  ip)  with  “0”; 
otherwise,  mark  it  with  “1”. 

•  For  each  occurrence  of  a  formula  [a]k(<p  -4  ip)  in  A,  if  there  is  an  occurrence  of  [a]kip 
in  T  and  there  is  also  an  occurrence  of  [a]kip  in  A,  then  mark  the  [a\k(ip  -4  ip)  with 
“1”;  otherwise,  mark  it  with  “0”. 

•  For  each  occurrence  of  a  formula  [a]kOip  in  T,  if  there  is  no  occurrence  of  [a]k(p  in  T 
then  mark  the  [a]fcDc/?  with  “0”;  otherwise,  mark  it  with  “1”. 

•  All  remaining  occurrences  of  formulas  in  T  U  A  are  marked  “1”. 

Initialize:  The  current  node  is  the  root  node  labelled  To  =>■  Ao-  Run  the  sub-routine 

Marking(r0  =$■  A0). 

Repeat  with  each  current  node ,  labelled  T  =>•  A: 

0.  Axiom  Test:  Check  if  T  fl  A  ^  0,  or  if  X  G  T. 

If  either  of  these  tests  are  satisfied,  put  a  check  mark  next  to  the  current  node 
then  backtrack  up  the  tree  to  the  first  ancestor  of  the  current  node  that  is  a  branching 
node  and  has  a  child  node  without  a  check  mark,  then  select  the  check-less  (always  the 
right)  child  as  the  new  current  node.  [If  all  children  of  all  branching  ancestors  of  the 
current  node  are  checked,  then  the  tree  T(To  =>•  Ao)  can  be  easily  transformed  into  a 
cut-free  proof  in  S4Fq  of  To  =>  Ao  (using  only  (Axiom),  (X  =>),  the  admissible  rules 
([a]k  ~ (=>-  [a]*  — >•)  and  ([<*]*□  =£•),  plus  the  weakening  and  contraction  rules), 
which  contradicts  the  assumption  that  S4F  Fq-  To  Ao.] 

If  T  fl  A  =  0  and  A  ^  T,  proceed  to  1.  working  with  the  current  node. 

1.  Antecedent  [a]k  -4:  If  T  contains  an  occurrence  of  a  formula  [a]k(ip  -4  ip)  marked 
“0”,  put  a  check  mark  next  to  the  current  node,  then  create  two  child  nodes: 

r  =£•  A,  [a}k<p  r,  [a]kip  A 

\  / 

r=s>  a  / 
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labelled  T  =$>  A,  [a]V  and  T,  [a]kip  =*•  A,  respectively.  Run  the  marking  sub-routine 
on  both  child  nodes:  Marking(r  =$■  A,  [a]V)>  and  Marking(r,  [a\kip  =$>  A).  Then 
select  the  left  child  node,  labelled  T  =>  A,  [a]kcp,  as  the  new  current  node. 

If  T  contains  no  occurrences  of  any  formula  [a]k((p  ->  ip)  marked  “0”,  proceed  to  2. 
working  with  the  current  node. 

2.  Succedent  [a]k  ->■:  If  A  contains  an  occurrence  of  a  formula  [a]k((p  -¥  ip)  marked 
“0”,  put  a  check  mark  next  to  the  current  node,  then  create  one  child  node: 

r,  [a]  V  =►  A,  [a]kip 
I 

r  =>  a  / 

labelled  T,  [a]k(p  A,  [a]kip.  Run  the  sub-routine  Marking(r,  [a]  V  =£>  A ,[a]kip). 
Select  the  child  node  labelled  T,  [a\kip  =*•  A,  [a]kip  as  the  new  current  node. 

If  A  contains  no  occurrences  of  any  formula  [a)k(y>  -¥  ip)  marked  “0”,  proceed  to  3. 
working  with  the  current  node. 

3.  Antecedent  [a]fcD:  If  T  contains  an  occurrence  of  a  formula  [a]kOip  marked  “0”,  put 
a  check  mark  next  to  the  current  node,  then  create  one  child  node: 

r,  [«]  V  ^  a 
I 

r  =>  a  / 

labelled  T,  [a]k(p  =4>  A.  Run  the  sub-routine  Marking(r,  [a}kip  =*-  A).  Select  the  child 
node  labelled  T,  [a]k(p  =>■  A  as  the  new  current  node. 

If  r  contains  no  occurrences  of  any  formula  [a]kOtp  marked  “0”,  then  proceed  to  4. 

4.  Terminate  and  return  the  label  of  the  current  node,  T  A  (which  does  NOT  have 
a  check  mark  “/”)  as  the  saturation  of  To  =>■  Ao,  i.e.  Sat(To  =>•  Ao)  =  T  A 

The  saturation  algorithm  must  terminate  because  SubForm(To  U  Ao)  is  finite  and  there 
is  at  most  two  branches  at  each  step. 

It  is  immediate  from  the  construction  that  if  T  A  =  Sat  (To  =£-  Ao)  then 

(a)  To  C  T  C  SubForm(To  U  Ao)  and 

(b)  A0  C  A  C  SubForm(T0  U  A0) 
hold.  To  see  that 

(c)  S4F  FG-  T  =►  A 
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also  holds,  observe  that  if  T  =>•  A  had  a  cut-free  proof  in  S4Fg-,  then  by  saturation,  we 
would  have  m  A  /  0  or  1  G  T;  from  such  axiom  sequents,  we  could  reverse  the  steps  in  the 
saturation  process  to  construct  a  cut-free  proof  of  To  =4*  Ao,  contradicting  the  assumption 
that  S4F  Yq-  To  =£>  Ao.  H 

As  a  corollary  of  the  proof  (the  Marking  sub-routine),  we  have  that  for  sequents  T  =>  A 
of  £□  a  with  S4F  Yq-  T  A, 

T  =r>  A  is  saturated  iff  Sat{Y  =$■  A)  =  T  =£•  A 

To  deal  with  formulas  having  [a]  as  the  main  operator/connective,  we  define  an  operation 
on  sequents  called  “ Strip” . 


Definition  6.3  For  any  sequent  T  =£•  A  of  Caa,  define 

Strip(T  =►  A)  =  {{v?  |  [a]p  6  T}}  =>  {{ip  \  [a\ip  €  A}} 
where  the  double  braces  {{...}}  denote  multi-set  formation. 


So  if  Strip(T  =$>  A)  =  (r'  =»  A'),  then  for  each  occurrence  of  a  formula  [a\p  in  T,  there  is 
a  corresponding  occurrence  of  cp  in  r7,  and  likewise,  for  each  occurrence  of  a  formula  [a]ip  in 
A,  there  is  a  corresponding  occurrence  of  ip  in  A',  and  these  are  the  only  formulas  occurring 
in  T'  and  A'  respectively.  In  particular,  all  formulas  in  T  U  A  that  do  not  have  [a]  as  the 
main  operator/connective  are  erased  completely  by  the  Strip  operator.  Thus  if  there  are  no 
occurrences  of  formulas  of  the  form  [a]p  in  TU  A,  then  StripfT  =£>  A)  =  (0  =$■  0),  the  empty 
sequent. 

Lemma  6.4  For  all  sequents  T  =>  A  of  Coa,  if  Strip(T  =£■  A)  =  T'  =$■  A',  then  for  all 
P  €  Coat 

(i)  T'  C  SubForm(T)  and  A'  C  SubForm( A); 

(ii)  [a\p  e  T  iff  pe  r'; 

(iii)  [a]p  €  A  iff  p  €  A'; 

(iv)  if  S4F  YG-  r  =►  A,  then  S4F  YG-  V  =*■  A'; 

(v)  ifT^A  is  S4F  saturated,  then  T'  =>•  A'  is  also  S4F  saturated. 
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Proof.  Properties  (i),  (ii)  and  (iii)  are  immediate  from  the  definition  of  Strip.  For  (iv), 
suppose  S4F  Y~g-  T  A,  but  S4F  hG-  P  =r-  A'.  Then  from  a  cut-free  proof  of  P  =4>  A', 
one  can  construct  a  cut-free  proof  of  T  ^  A  using  the  ([a]  [a])  rule  followed  by  left 

(respectively,  right)  weakening  of  all  the  formulas  in  T  (respectively,  A)  that  do  not  have  [a] 
as  the  main  operator/ connective.  For  (v),  suppose  T  =>■  A  is  S4F  saturated,  and  consider 
P  =►  A'.  Then  for  clause  (1.)  of  S4F  saturation, 

[a]k(<p  -4  0)  €  P 

[a]k+1((p  -¥  0)  E  T  by  (ii) 

^  [a]fc+10  £  T  or  [a]k+1(p  €  A  by  S4F  saturation  of  T  =$■  A 
[a]kip  E  T'  or  [a]V  €  A'  by  (ii)  and  (iii) 

The  verification  for  clauses  (2.)  and  (3.)  proceeds  similarly.  ■ 

As  is  suggested  by  the  name,  the  Strip  function  “strips  off”  outermost  [aj’s,  thus  reducing 
the  complexity  of  the  sequent  with  respect  to  the  nesting  of  [aj’s.  The  following  definition 
makes  this  more  precise. 


Definition  6.5  For  formulas  ip  of  Caa,  define  [ajrank(c^)  in  the  obvious  way: 

[ajrank(^)  =0  for  q  E  AP  U  {±} 

[a] rank (y?  — >■  0)  =  max{[a]rank(<^),  [a]rank(0)} 

[ajrank(Dyj)  =  [a]rank(y>) 

[a]rank([a]y)  =  [ajrank(yj)  +  1 

And  for  a  sequent  T  =^>  A  of  Caa,  define 

[a]rank(r  A)  =  max{[ajrank(v?)  |  ip  in  T  U  A} 


Lemma  6.6  For  any  sequent  T  =>  A  of  Caa, 

(a)  if  T  U  A  contains  at  least  one  formula  of  the  form  [a\ip,  then 

[a]rank(5'trip(r  =>•  A))  <  [a]rank(r  =>  A)  —  1 

and  otherwise 

[ajrank  (Strip(T  =r*  A))  =  0 

(b)  i/[a]rank(r  =>•  A)  =  m  then  Stripm+1( V  =>•  A)  =  (0  0). 

Proof.  Immediate  from  Definition  6.5.  ■ 


19 


Definition  6.7  For  each  sequent  T0  =£►  Ao  in  the  language  define  5'ufe-S4F(ro  =k  Ao) 
to  be  the  set  of  all  sequents  T  =$■  A  in  Caa  satisfying  the  three  properties: 

•  T  =»  A  is  S4F  saturated; 

•  T  U  A  C  SubForm(To  U  Ao); 

•  S4F  Fq-  T  =*>  A. 

It  is  immediate  from  the  second  property  that  5'u6-S4F(r0  =>•  Ao)  is  finite;  it  is  also  non¬ 
empty  since  it  always  contains  the  empty  sequent,  (0  =$■  0).  Note  that  if  S4F  Yq-  To  =>•  Ao, 
then  Sat(To  =>  A0)  =  Ti  =4*  Ai  is  in  Sub-S4F(T0  =>■  A0). 

Definition  6.8  For  each  sequent  To  =Y  Ao  in  the  language  Caa>  we  define  a  Kripke  frame 
£( r0=>-Ao)  =  (W>  R,  F)  for  T0  ^  A0  as  follows: 

•  W  =  Sub-S4F(T0  =»  Ao); 

•  ((r  =$■  A),  (r'  =^-  A*))  €  R  iff  for  all  <p  inCaa,  €  T  implies  □  <p  €  P* 

•  F  =  Strip 

The  Kripke  frame  /C(r0=j.A0)  called  the  S4F  saturation  frame  for  T0  =r-  A0. 

Define  the  canonical  valuation  r; :  W  — ►  'P(PV)  for  /C(r0=*-Ao)  by 

p  e  rj(T  A)  iff  per 


It  is  readily  verified  that  the  S4F  saturation  frame  /C(r0=*.A0)  a  Kripke  frame  for  £□„.  The 
reflexivity  and  transitivity  of  R  follow  from  the  corresponding  properties  of  implication,  and 
by  Lemma  6.4,  F  =  Strip  :  W  — >  W  is  a  total  function  on  W  =  5'u6-S4F(r0  =>  A0). 


Lemma  6.9  Main  Semantic  Lemma  for  S4F 

Let  T0  =$■  A0  be  any  sequent  in  Caa,  let  K.  =  /C(r0=*.A0)  be  the  S4F  saturation  frame  for 
To  =>•  Ao,  and  let  r]  be  the  canonical  valuation  for  K.  as  in  Definition  6.8. 

Then  for  all  (r  =$■  A)  €  W  and  for  all  formulas  <p  in  Cna,  we  have: 

(peT  implies  (r  =£►  A)  lbn  <p 
<p  e  A  implies  (r  =>  A)  IYV  ip 
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Proof.  We  proceed  by  induction  on  the  complexity  of  formulas  p  in  £□„. 

Fix  (r  =>  A)  G  W  =  Sub-S4F(To  =>  Ao).  For  propositional  variables  p  G  PV,  p  G  T 
implies  (r  =>  A)  lh^  p,  directly  from  the  definition  of  atomic  forcing,  and  p  G  A  implies  p  ^  T 
since  S4F  Yq-  T  =£>  A,  hence  (r  =*>•  A)  p  from  the  definition  of  atomic  forcing.  For  the 
constant  J_,  the  condition  JL  G  T  is  impossible,  since  S4F  Yq-  T  =>  A,  and  (r  =r>  A)  1YV  JL 
by  the  definition  of  Ib^for  _L,  hence  the  result  holds  for  X. 

For  assume  by  induction  that  the  result  holds  for  p  and  ip,  for  all  sequents  in  W.  Fix 
(r  =r-  A)  G  W  and  suppose  ip  — f  ip  G  T.  Then  by  the  S4F  saturation  of  T  =r>  A  (clause  (1.), 
k  =  0),  we  have  either  ip  G  T  or  p  G  A.  Hence  by  the  induction  hypothesis,  (r  =£►  A)  lb,,  ip  or 
(r  =>•  A)  \YV  ip.  Hence  (r  =4>  A)  lb,,  p  ip.  For  the  succeedent,  suppose  ip  — >  ip  G  A.  Then 
by  the  S4F  saturation  of  T  =>  A  (clause  (2.),  k  =  0),  we  have  <p  G  T  and  ip  €  A.  Hence  by 
the  induction  hypothesis,  (T  =*>  A)  lb,,  p  and  (T  A)  \Yn  ip.  Hence  (r  =£•  A)  lb,,  <p  -*  ip. 

For  □  in  the  antecedent,  assume  by  induction  that  the  result  holds  for  p,  for  all  sequents 
in  W.  Fix  (r  =>  A)  G  W  and  suppose  Dp  G  T.  Now  let  (T*  =>■  A*)  G  W  be  any  sequent 
such  that  ((r  =>  A),(r'  =>  A  ))  G  R.  Then  Dp  G  T*,  by  the  definition  of  R,  and  then  by 
the  S4F  saturation  of  T*  =>  A'  (clause  (3.),  k  =  0),  we  have  p  G  T\  Hence  by  the  induction 
hypothesis,  (T*  =>•  A’)  lb,,  p.  Thus  by  the  definition  of  Ib^for  □,  we  have  (r  =$■  A)  lb,,  Dp. 

For  □  in  the  succedent,  assume  by  induction  that  the  result  holds  for  p,  for  all  sequents 
in  W.  Fix  (r  =$■  A)  G  W  and  suppose  Dp  £  A.  Let  □V’i,  •  ••,  be  a  list  of  all  occurrences 
of  formulas  in  T  which  have  □  as  their  main  connective/operator.  Let  T  =>  A  be  the 
sequent  D^i, Dipn  =$>  p.  Then  S4F  Yq-  T  =r*  A  ,  for  otherwise,  from  a  cut-free  proof  of 
r'  A' ,  we  could  construct  a  cut-free  proof  of  T  =>■  A  using  the  rule  (=>•  □)  plus  left  and 
right  weakening,  thus  contradicting  S4F  Yq-  T  =>•  A.  Now  let  (r  =>■  A  )  =  Sat(T'  =^>  A’). 
Then  from  Lemma  6.2, 

•  (r  A  )  is  S4F  saturated; 

•  T  C  SubForm{T')  C  SubF orm(T q  U  Ao),  and 
A  C  SubForm(A')  C  SubForm(To  U  Ao);  and 

•  S4F  yg-  r"  a". 

Hence  (r  A  )  G  W  =  Sub-S4F(T0  =b  A0).  Moreover,  ^(r  =>•  A),(r  =$•  A  )^  G  R, 

n  it  it 

since  □?/>,•  G  T  implies  □?/>,-  G  T  .  Now  p  G  A  ,  hence  by  the  induction  hypothesis,  (r  =£> 
A  )  IYV  p.  Then  by  the  definition  of  lb,, for  □,  we  have  (T  =>•  A)  \Yn  Dp. 

Finally  for  [a],  assume  by  induction  that  the  result  holds  for  p,  for  all  sequents  in  W. 
Fix  (r  A)  G  W ,  and  let  r'  =►  A'  =  F(T  =»  A)  =  Strip(T  =>  A).  Then  [a]p  G  T 
implies  <p  G  T  ,  by  Lemma  6.4,  hence  by  the  induction  hypothesis,  (r  =>  A  )  lb,,  p.  Then 
by  the  definition  of  lb,, for  [a],  we  have  (T  A)  lb,,  [a]p.  Symmetrically,  for  the  succeedent, 
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[a]tp  (E  A  implies  cp  6  A',  by  Lemma  6.4,  hence  by  the  induction  hypothesis,  (T'  =>  A’)  1YV  <p. 
Then  by  the  definition  of  Ib^for  [a],  we  have  (r  A)  lYn  [a)<p.  ■ 

Theorem  6.10  Kripke  completeness  and  finite  model  property  for  S4F 
Let  To  =>  Ao  be  any  sequent  in  £□<,. 

If  S4F  Yq-  To  =*•  Ao,  then  there  is  a  finite  Kripke  frame  JC  and  valuation  tj  for  JC  such 
that  (JC,r))lY  AIW  \fA0. 

Proof.  Let  JC  =  £( r0=*A0)  be  the  S4F  saturation  frame  for  T0  =>■  A0,  let  tj  be  the  canonical 
valuation  for  JC ,  as  in  Definition  6.8,  and  let  (Ti  Ai)  =  Sat(To  =b  Ao).  If  S4F  Yq-  To  =b 
A0  then  (Fi  =>•  Ai)  6  W.  Since  r0  C  and  A0  C  Ai,  we  have  by  Lemma  6.9, 

(ri  =>  Ai)  lb„  <p  for  all  ip  €  T0 
and  (rx  =*►  Ai)  lYn  for  all  ^  €  Ao 

hence 

(£,7/)F/\r0->- \/A° 

■ 

7  Consolidation  Theorems  for  S4F 

We  consolidate  the  major  results  of  previous  sections. 

Theorem  7.1  For  all  multisets  T,  A  of  formulas  of  Caa,  the  following  are  equivalent: 

(1.)  S4F  ho-  T  =r>  A 
(2.)  S4F  hG  T  =*►  A 
(3.)  S4Fh,  Ar->  VA 

(4.)  %  f=  A  r  — y  V  A  for  all  topological  structures  %  for  Caa, 

(5.)  /C  lb  A  T  ~ ^  V  A  for  all  Kripke  frames  JC  for  Caa, 

(6.)  JC  lb  A  T  — *  V  A  for  all  finite  Kripke  frames  JC  for  Caa. 

Proof.  (1.)  =>-  (2.)  is  trivial.  (2.)  (3.)  is  Proposition  4.2.  (3.)  =>•  (4.)  is  Proposition  3.2. 

(4.)  =£■  (5.)  is  Proposition  5.6.  (5.)  =»•  (6.)  is  trivial.  (6.)  =>■  (1.)  is  Theorem  6.10.  ■ 

Corollary  7.2  The  sequent  calculus  S4FG  admits  cut- elimination. 

Corollary  7.3  The  logic  S4F  is  decidable. 
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8  Adding  Continuity:  S4C 

In  our  definition  of  a  topological  structure  X  =  ( X,T,f )  for  the  language  CDa,  we  place 
no  restrictions  on  the  function  /  :  X  -*•  X,  other  than  totality.  The  language  itself  is  rich 
enough  to  express  various  properties  of  /,  notably  the  continuity  of  /  with  respect  to  the 
topology  T.  We  call  the  scheme 

Cont  :  [a]D<£>— )■ 

the  continuity  axiom ,  in  virtue  of  the  following  proposition. 

Proposition  8.1  [Kur66]  I, §13;  [RS63]  III, §3. 

Let  X  =  (X,T,  f)  be  a  topological  structure  for  Caa  ■  Then  the  following  are  equivalent: 

(a)  for  each  (p  G  Coa,  T,  (=  ->  □  ; 

(b)  for  each  <p  €  Caa,  %  \=  **  0[a]n9?  ; 

(c)  the  function  f  :  X  — >  X  is  continuous  with  respect  to  the  topology  T . 

Proof.  Let  <p  be  any  formula  of  £oa,  let  f  be  any  valuation  for  X,  and  let  A  —  C  X. 
Then 

Wiaptp  ^  a[a)<p\\t  =X  iff  f-l(intr{A))  Cintrif-^A)) 

and 

||[o]D^>  □[a]Q(^||^  =  X  iff  f~1(intr(A))  =  intr(f~1{intr{A))) 

Now  the  following  equivalence  is  immediate: 

(b)  :  f~l{intr{A ))  =  intr{f~l{intr{A )))  for  all  A  C  X 

iff  (c):  f-1(U)=intT(f-1(U))  for  all  17  G  T 

i.e.  /  is  continuous  w.r.t.  the  topology  T 

since  U  €  T  iff  U  =  intr{U),  and  for  any  A  C  X,  we  have  intr(A)  -  U  for  some  U  €  T. 
So  rewriting 


(a):  f~l(intT{A))  C  intT(f~\A))  for  all  A  C  X 

it  suffices  to  show  that  (a)  =>•  (c)  and  (b)  =£-  (a). 

Assume  (a)  holds.  Then  for  any  U  €  T,  we  have  U  =  intq-{U ),  hence 

intT(f-l(U))  C  f~'(U)  =  f-\intT{U ))  C  intT{f-l{U )) 

and  thus 

/-'(£/)  =  intT(f-\V)) 
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so  (a)  ^  (c). 

Now,  for  any  A  C  X,  we  have  intr(A)  C  A,  hence  applying  intj  o  /_1,  we  have 


intr{f  1(intr(A)))  Cintr(f  *(A)) 


Thus  if  (b)  holds,  we  have 

f~l(intT(A))  =  intT{f~x{intT{A)))  C  intT(f~l(A )) 
hence  (b)  (a),  as  required.  ■ 

The  preceding  proposition  gives  us  an  alternative,  equivalent  version  of  the  continuity 
axiom,  namely: 

Cont*:  [<*]□<£>  — ¥  □  [a]dy? 

It  is  also  readily  established  that  over  the  Hilbert  system  S4F //,  the  schemes  Cont  and 
Cont*  are  provably  equivalent.  The  Cont*  scheme  will  be  appealed  to  in  devising  a  sequent 
calculus  rule  capturing  continuity. 

From  [RS63]  and  [Kur66],  the  converse  of  the  Cont  scheme, 

Open  :  □  [<!]<£  — »•  [<*]□</? 

characterizes  the  open  mapping  property.  All  instances  of  the  Open  scheme  are  true  in  a 
topological  structure  %  =  ( X,T,f ),  exactly  when  the  function  /  :  X  — >  X  is  such  that  for 
all  U  G  T,  the  image  f(U)  €  T,  since  the  latter  condition  holds  exactly  when 

intj(f~l(A ))  C  /-1(mt7-(A))  for  all  ACI; 

see  [RS63],  III, §3,  p.  99,  and  [Kur66],  I, §13, XIV.  Thus  the  conjunction  of  the  schemes  Cont 
and  Open,  namely: 

□  [a]</?  ■H-  [a]CV 

characterizes  continuous  and  open  maps  /  :  X  — X;  equivalently,  the  set  map  /-1  : 
V(X)  —y  V(X)  is  a  (topological)  homomorphism  of  the  topological  Boolean  algebra  *Bj-(X)  = 
(V(X),U,  n,  —  ,X,  0,  intr)  into  itself  ([RS63],  III, §3). 

In  this  study,  our  chief  interest  is  in  continuity.  Next,  we  characterize  the  Kripke  models 
which  satisfy  the  continuity  axiom. 

Proposition  8.2  Let  K,  =  (W,R,F)  be  a  Kripke  frame  for  £oa.  Then  the  following  are 
equivalent: 

(a)  for  each  (p  €  Cna,  K  lb  — ►  / 
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(b)  the  function  F  :  W  — >•  W  satisfies  the  condition: 


for  all  w,v  E  W . 


(w,v)  E  R  implies  ( F(w),F(v ))  E  R 


Proof.  For  (b)  (a),  fix  <p  E  £Qa,  w  E  W  and  a  valuation  77  for  1C.  Then 

toJF,  [a]dcp  — >  d[a]cp 
w  IF,  [a]d<p  and  w  IF,  d[a]<p 
&  for  all  x  E  W,  if  ( F(w ),  x)  E  R  then  x  Ih^  <p, 
and  for  some  v  E  W,  ( w ,  v)  E  R  and  F(v)  IF,  f 
=>•  for  some  v  E  W ,  (w,v)  €  R, 

but  for  all  x  €  W ,  if  ( F(w ),  x)  E  R  then  x  ^  F(n) 
O  for  some  v  E  W,  ( w,v )  E  R  but  (F( w),  F(v))  R 


For  (a)  (b),  suppose  (b)  is  false,  so  there  exists  w,v,u,z  E  W  such  that  (w,  v)  E  R, 

u  =  F( w),  z  =  F(v)  and  (u,  z)  ^  R.  (By  reflexivity,  u  ^  z,  so  W  must  have  at  least  2 
elements,  and  so  be  non-degenerate.)  Choose  any  p  E  AP  and  define  77  :  W  — >■  V{AP)  by 


f  { p }  if  ( u,x )  E  R 
(  0  otherwise 


By  construction  of  rj,  ( u,z )  ^  R  implies  z  IF,  p,  hence  F(v )  IF,  p,  since  z  =  F(v),  and  so 
v  IF,  [a\p.  Since  ( w,v )  E  R,  this  means  w  IF,  d[a]p. 

Our  chosen  valuation  rj  also  gives  us  x  IF,,  p  for  all  x  E  W  such  that  (u,  x)  E  R,  hence 
u  IF,  dp;  since  u  =  F(w),  we  have  w  IF,  [a] dp. 

Hence  w  IF,  [a]  dp  — d[a]p.  ■ 

For  comparative  purposes,  note  that  a  Kripke  frame  JC  =  {W,  R,  F )  forces  all  instances 
of  the  Open  scheme  exactly  when  the  condition: 


(F(w),u)  E  R  (3u  E  W)[F(v)  =  u  and  (10,  v)  E  F]  (F— open) 

holds  for  all  w,u  E  W.  This  condition  is  properly  stronger  than  the  converse  of  R- 
monotonicity: 

(F(w),F(v))  E  R  ^  (w,v)  E  R 

since  the  (F— open)  condition  can  fail  when  F  is  not  surjective;  i.e.  there  is  a  u  6  W  such 
that  u  ^  F(v)  for  all  v  E  W. 


Definition  8.3  A  topological  structure  X  =  ( X,T,f )  for  £□„  is  called  continuous  iff  f  is 
continuous  with  respect  to  T. 

A  Kripke  frame  K  =  (W,  R,  F)  for  Caa  is  called  continuous  iff  F  satisfies  the  condition: 

(w,v)  E  R  implies  (F(w),  F(v))  E  R 
for  all  w,v  E  W;  i.e.  F  is  R-monotone. 
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Proposition  8.4  For  all  formulas  V  Of  Coa, 

if  %  |=  ip  for  all  continuous  topological  structures  %  for  Cna, 
then  K,  Ik  <p  for  all  continuous  Kripke  frames  K,  for  Caa  ■ 

Proof.  From  Proposition  5.6,  it  suffices  to  show  that  for  each  continuous  Kripke  frame 
JC  =  (VF,  R,  F )  for  £aa,  the  induced  topological  structure  Xjc  =  (W,Tr,  F)  is  such  that  F  is 
continuous  w.r.t.  the  topology  Tr.  Now  for  arbitrary  A  C  W  and  w  G  W,  we  have: 

w  €  F~l{intrR{A )) 

F(w)  G  intj-R(A) 

&  (Vz  eW)[(F(w),z)  G  R=>  z  G  A] 

=*  (Vv  e  W)[  (w,  v)  e  R  =►  F(v)  g  A  ]  (*) 

(VveW)[(w,v)£R^v€F-1(A)] 
w  G  int'j-R(F~1(A)) 

with  the  implication  (*)  a  consequence  of:  (w,v)  G  R  =>  (F(w),  F(v))  €  i?.  (It  is  also 
readily  verified  that  the  converse  also  holds:  F  is  continuous  with  respect  to  Tr  implies  F  is 
H-monotone.)  ■ 

Definition  8.5  The  Hilbert-style  proof  system  for  the  logic  S4C  has  as  its  axiom  schemes 
those  of  S4F  (Definition  3.1)  together  with  all  instances  of  the  scheme 

Cont  :  [a]n<£>  — t  □  [«](£> 

in  the  language  £□„;  the  inference  rules  are  the  same  as  those  of  S4F. 

We  write 

S4C  \-H  (p 

or  say  (p  is  S4C#  provable,  if  the  formula  (p  G  £aa  has  an  S4C  Hilbert-style  derivation. 

The  following  are  derivable  in  S4Cr,  for  any  formula  <p  G  £oa  and  k  G  N. 

[a]feCont  :  [a]kD<p  -4  D[a]k<p 

[a]fcOCont  :  O [a\kp>  — >  [a]fcO</? 

The  following  is  an  admissible  inference  rule  in  S4C//,  for  any  formulas  <p,ip,x  €  £aa 
and  G  N: 

Continuous 

Hoare  composition:  <p  -4  [a]fcDx,  X  ~ [a]lOtp 

-4  [a]fc+' D0 
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Proposition  8.6  Soundness  of  S4C  Hilbert-style  proof  system 
For  all  formulas  ip  of  Coa,  if  S4C  \~h  <p, 
then  %  \=  p  for  all  continuous  topological  structures  %  for 
and  K  lh  <p>  for  all  continuous  Kripke  frames  JC  for  Caa. 

Proof.  Immediate  from  Propositions  3.2,  8.1  and  8.2.  ■ 


Definition  8.7  The  Gentzen-style  sequent  calculus  for  the  logic  S4C  has  the  same  axioms 
and  rules  as  those  for  S4F  (Definition  4- 1 ),  and  in  addition,  the  rule: 


(ContG)  : 


□  [g]Dy?,r=j>  A 
[«]□¥>,  r  =»  a 


The  first  point  of  note  is  that  this  new  rule  violates  the  sub-formula  property,  but  it  does 
so  in  a  manageable  way.  To  compensate,  we  have  to  deal  with  a  larger  class  of  psuedo-sub- 
formulas  of  a  sequent. 


Definition  8.8  For  each  sequent  To  =>  A0  of  Caa,  define 
O—SubFormfTo  U  Ao) 

=  SubForm(r0  U  Ao)  U  {{□<£>  |  P  G  SubForm(T0  U  Ao)}} 
where  SubFormfTo  U  Ao)  and  0-SubForm(To  U  Ao)  are  multisets  of  formulas4 . 


Proposition  8.9  Equivalence  of  Sequent  Calculus  and  Hilbert-style  proof  system  for  S4C 
Let  T  and  A  be  multisets  of  formulas  of  Caa)  and  let  <p  be  any  formula  of  Caa. 

(i)  7/S4C  \-G  T  =>  A  then  S4C  \~H  f\T  \/ A. 

(ii)  7/S4C  \~h  ip  then  S4C  \~q  =$►  p- 

Proof.  For  (i),  beyond  the  proof  of  part  (i)  of  Proposition  4.2,  we  need  only  consider  the 
case  where  the  last  rule  applied  in  the  S4Ce  derivation  of  T  =>■  A  is  the  new  (Conte)  rule. 
So  assume  T  is  [a]Dy>,  P  and  the  sequent  T  =>•  A  is  derived  from  □[a]di^,  H  =>  A  by  the 
(Conte)  rule.  By  the  induction  hypothesis,  S4C  \~h  □[a]D<^  A  (/\  T')  — >  \f  A.  Then 

4As  in  the  discussion  following  Definition  6.1 


27 


1. 

□[«]□¥>  a  (AH  ->  \/a 

induction  hypothesis 

2. 

Dip  DDp 

axiom  Q4 

3. 

[a](Dy>  -4  □□</?) 

from  2.  by  [a]— necessitation 

4. 

[a]n<£>  -4  [a]dCl<£> 

from  3.  by  [a]K 

5. 

[ajdOyp  -4  □[(&]□<£> 

axiom  Cont 

6. 

[a]D(/5  -4  □  [ajD^ 

from  4.  and  5. 

7.. 

HD^A(Ar')  VA 

from  1.  and  6.  by  propositional  logic 

For  (ii),  beyond  the  proof  of  part  (ii)  of  Proposition  4.2,  we  only  need  show  that  the 
Cont  axiom  [app  -4  □  [a]<£  is  derivable  in  S4Cg- 

p  =>  p  (Axiom) 

□</?  ^  p  (□  =£•) 

[cpy  =*  [<#  (H  =*>  M) 

□  [c]D</?  =4-  [c\p  (□  =£>) 

□  [c]D<^  =*►  D[c]v?  (=»  a) 

[c]D p  =»  □  [c]y>  (ContG) 

[a]D¥>  ->  D[«]¥>  (=►-*) 


Observe  that  the  scheme 

[o]*Cont*  :  [a]k[app  -4  [a]fcO[a]Dv? 

is  derivable  in  S4C^:  the  derivation  can  be  extracted  from  the  proof  of  part  (i)  of  the  previous 
proposition,  together  with  k  applications  of  [a]-necessitation  and  an  appeal  to  [a]fcK  <4. 


Proposition  8.10  Let  T  and  A  be  multisets  of  formulas  of  Caa,  let  p  be  a  formula  of  Caa, 
and  let  k  £  N.  The  following  rule  is  admissible  in  the  (cut-free)  sequent  calculus  S4C(?-. 


([a]fcContc) : 


[a]fcD[a]Dy,r  =»  A 
[a]fc[a]d<£>,  T  =>  A 


Proof.  Again,  as  in  4.3,  a  straightforward  strategy  should  be  to  first  apply  the  rule  Conte 
and  then  deal  with  the  [a]fc  prefix.  Without  any  loss  of  generality  we  may  consider  the  case 
k  =  1.  Let  [a]  □[<!]□</>,  T  =$■  A  be  derived  in  S4CG-  and  let  T>  be  a  corresponding  derivation. 
Consider  a  node  in  V  where  the  formula  [o] □[<!]□</?  was  introduced  first.  There  are  three 
possibilities  for  a  sequent  assigned  to  this  node:  it  is  an  axiom,  an  instant  of  the  weakening 
or  the  [a]  =$■  [a]  rule.  Let  us  treat  the  latter.  The  node  under  consideration  is 

□[gpp,  r=»  a* 

[a]  □  [<»]□</?,  [a]P  =£■  [a]  A' 
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We  replace  this  node  by  a  pair  of  nodes 


□  [q]Dy,r  =»  A' 

[g]dy>,  H  =»►  A7  (Conto) 

[a]  [a] Dip,  [a] T'  =*•  [a]  A'  ( [a]  =4>  [a] ) 

Now  replace  everywhere  in  the  path  from  this  node  to  the  root  sequent  all  corresponding 
occurrences  of  [a] □  [a] Ely  by  [g][g]d<£>.  Perform  this  operation  with  all  the  nodes  where 
[a]d[g]d^>  was  introduced,  adjust  some  weakenings  and  get  an  S4C<3-  derivation  of  the 
desired  sequent  [a]  [a] dip,  T  =£•  A. 

We  leave  the  remaining  cases  to  a  reader  as  routine  exercises.  ■ 


9  Kripke  Completeness  for  S4C 

To  prove  completeness  for  S4C,  we  modify  the  proof  of  Kripke  completeness  (and  the  finite 
model  property)  for  S4F  by  further  strengthening  the  notion  of  saturation  to  behave  well 
with  new  Conte  rule,  and  force  the  “[g]-stripping”  Strip  function  to  be  monotone  with 
respect  to  the  accessibility  relation: 

((r  =r>  A),  (T  =>•  A  G  R  iff  [  dy?  €  r  implies  dy>  £  T*  ] 

Let’s  start  with  a  stronger  notion  of  saturation. 


Definition  9.1  A  sequent  T  =$■  A  in  the  language  Cna  is  called  S4C  saturated  iff  each  the 
following  conditions  hold: 

(1.)  if[a]k(ip  -4  ip)  G  T  then  either  [g]fc^/!>  £  T  or  [a\k<p  £  A; 

(2.)  if  [a]k{<p  -4  ^)  £  A  then  both  [a]k(p  €  T  and  [a]kip  £  A; 

(3.)  if  [a]*dy>  £  T  then  [a]k<p  £  T; 

(4.)  if  [g]fc[g]dy>  £  T  then  [a]fcd[a]Dy>  £  P, 
for  all  ip,  ij>  £  Caa  and  k  €  N. 


Note  that  if  T  =£•  A  is  S4C  saturated,  then  r  ^  A  is  S4F  saturated,  since  S4F  saturation 
is  just  clauses  (1.),  (2.)  and  (3.)  of  S4C  saturation.  Clause  (4.)  of  S4C  saturation  is  reflected 
in  the  S4Fg_  admissible  rule  given  in  Proposition  8.10. 
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Lemma  9.2  S4C  Saturation 

For  each  sequent  T0  =*►  A0  in  the  language  £aa> 

if  S4C  Fq-  To  =>  Ao,  then  there  is  an  S4C  saturated  sequent  T  =>  A  such  that 

(a)  r0crc  D-SubForm(T0  U  A0); 

(b)  A0C  AC  D-SubForm(To  U  Ao); 

(c)  S4C  FG-  r  =^>  A. 

Moreover,  by  determinizing  the  algorithm  which  produces  such  a  saturated  sequent  from 
input  To  =£■  Ao,  we  may  take  the  output  T  =r-  A  to  be  unique ,  and  denote  it  5a<s4c(ro  => 
A0),  the  S4C  saturation  of  To  =>  Ao. 

Proof.  The  saturation  algorithm  and  its  verification  are  analogous  with  those  in  the  proof 
of  Lemma  6.2. 

In  the  Marking(T  =>•  A)  sub-routine,  add  an  extra  line: 

•  For  each  occurrence  of  a  formula  [a]fc[a]0<£>  in  T,  if  there  is  no  occurrence  of  [a] k □[a]D<£> 
in  T  then  mark  the  [a]fc[a]CV  with  “0”;  otherwise,  mark  it  with  “1”. 

In  the  main  body  of  the  algorithm,  we  add  extra  clauses: 

4.  Antecedent  [o]fc[a]D:  If  T  contains  an  occurrence  of  a  formula  [a]fc[a]Dyp  marked  “0”, 
put  a  check  mark  next  to  the  current  node,  then  create  one  child  node: 

r,  [a]fcD[a]Dc/?  =>•  A 

I 

r=^A  / 

labelled  T,  [a]feD[a]Dy?  =>  A.  Run  the  sub-routine  Marking(r,  [a]fcD[a]n</5  =?■  A). 
Select  the  child  node  labelled  T,  [a]fcD[a]Dy>  =>•  A  as  the  new  current  node. 

If  T  contains  no  occurrences  of  any  formula  [a]fc[a]Dy?  marked  “0”,  then  proceed  to  5. 

5.  Terminate  and  return  the  label  of  the  current  node,  T  A  (which  does  NOT  have 
a  check  mark  “/”)  as  the  saturation  of  To  ^  Ao,  i.e.  Sats4c{To  Ao)  =  T  =»  A 

As  before,  the  saturation  algorithm  must  terminate  because  0-SubForm(To  U  Ao)  is 
finite  and  there  is  at  most  two  branches  at  each  step. 

It  is  immediate  from  the  construction  that  if  T  =$■  A  =  Sats4c(To  =>•  A0)  then 

(a)  fo  C  T  C  □-5'u&Form(r’o  U  Ao)  and 


30 


(b)  A0CAC  O-SubForm(T0  U  A0) 
hold,  and 

(c)  S4C  Y-q-  r  =*>  A 

by  the  same  argument  as  in  Lemma  6.2.  ■ 

Next,  we  summarize  the  relevant  properties  of  the  Strip  function  in  this  setting. 

Lemma  9.3  Let  T  =$■  A  be  a  sequent  of  Caa>  and  let  (P  =>•  A')  =  Strip(T  =>■  A). 

Then  for  all  <p  G  Caa  and  k  G  N, 

(i)  P  C  SubForm(T)  and  A1  C  SubForm(A) ; 

(ii)  [a]fc+V  G  T  iff  [a\kip  G  T'; 

(iii)  [a]fc+V  ^  A  iff  [< a]kip  G  A'; 

(iv)  if  S4C  FG_  r  =*  A,  then  S4C  PG_  P  =>  A'; 

(v)  if  T  =>  A  is  S4C  saturated,  then  P  =>•  A'  is  also  S4C  saturated. 

Proof.  Properties  (i),  (ii)  and  (iii)  are  as  in  Lemma  6.4,  and  the  argument  for  (iv)  is 
identical  to  that  in  the  proof  of  that  lemma.  For  (v),  we  only  need  check  clause  (4.)  of  S4C 
saturation.  Suppose  T  =>  A  is  S4C  saturated,  and  consider  P  =£>  A'.  Then 

[a]k[aptp  e  P 

[a] fc+1  [apy)  G  T  by  (ii) 

[a]  *+1  □[«]□<£>  G  T  by  S4C  saturation  of  T  =$■  A 
[a]fcD  [«]□</?  €  P  by  (ii) 

Hence  P  =£-  A'  is  S4C  saturated.  ■ 


Definition  9.4  For  each  sequent  To  =£■  A0  in  the  language  Caa,  define  5u6-S4C(Fo  =►  Ao) 
to  be  the  set  of  all  sequents  T  =>  A  in  Caa  satisfying  the  three  properties: 

•  r  =>  A  is  S4C  saturated; 

•  T  U  A  C  0-SubForm(ro  U  Ao); 

•  S4C  PG_  r  =>  A. 

Definition  9.5  For  each  sequent  r0  ^  A0  in  the  language  Caa,  we  define  a  Kripke  frame 
£(r0=>-Ao)  =  ( W,  R ,  F)  for  T0  =>  A0  as  follows: 
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•  W  =  Sub-S4C(T0  =»  Ao); 

•  ((r  =>■  A),  (r'  =>-  A'))  G  f?  iff  □</?  G  r  implies  Dip  €  T" 

•  F  =  Strip 

The  Kripke  frame  AC(r0=>A0)  *s  called  the  S4C  saturation  frame  /or  To  =>  Ao. 
Define  the  canonical  valuation  rj  :W  -¥  'P(PV)  for  K( r0=^A0)  by 

p  €  r/(r  A)  iff  per 


By  Lemma  9.3,  W  =  Sub-S4C(T0  =$■  A0)  is  closed  under  F  =  Strip ,  and  R  is  reflex¬ 
ive  and  transitive,  hence  /C(r0=>A0)  is  a  Kripke  frame  for  £□».  Our  real  interest  is  in  the 
monotonicity  of  Strip  with  respect  to  R. 

Lemma  9.6  Let  To  =>•  A0  be  a  sequent  of  Caa  such  that  S4C  Fq-  To  Ao,  and  let 

/C(r0=>A0)  be  the  S4C  saturation  frame  for  To  =>■  Ao,  as  in  Definition  9.5. 

Then  F  =  Strip  is  monotone  with  respect  to  the  relation  R,  where 

((ri  =£>  A2),  (r2  =*•  A2))  G  R  &  Dy*  G  Ti  implies  0<p  g  T2 

Hence  /C(r0=*>A0)  a  continuous  Kripke  frame. 

Proof.  Assume  (I\  =>  Ai),  (r2  A2)  G  W(r0=s.A0)’  an<^  ((^i  ^  ^i)>  (^2  =>  A2))  G  R.  Let 

Strip(Ti  =$■  A,)  =  =£•  A(),  for  i  =  1,2.  Then  fix  <p  G  Caa •  Then 


□v?  e  r; 

[apip  G  Ti 

by  (ii)  of  Lemma  9.3 

□  [<*]□¥>  €  Ti 

by  S4C  saturation,  clause  (4.)  with  k  =  0 

=*> 

□  [ajm<£>  G  r2 

by  definition  of  R 

[a]CDy>  G  r2 

by  S4C  saturation,  clause  (3.)  with  k  =  0 

□¥>■€  r2 

by  (ii)  of  Lemma  9.3 

Hence  ((1^  =>  A'x),  (r2  =>■  A2)),  as  required.  ■ 

Lemma  9.7  Main  Semantic  Lemma  for  S4C 

Let  To  =£■  Ao  be  any  sequent  in  £□„,  let  K.  =  /C(r0=»-Ao)  =  (Wi  F,  F)  be  the  S4C  saturation 
frame  for  T0  =£•  A0,  and  let  rj  be  the  canonical  valuation  for  K  as  in  Definition  9.5. 

Then  for  all  (r  ^  A)  G  W  and  for  all  formulas  <p  in  Cna,  we  have: 

ip  G  T  implies  (r  ^  A)  lb,,  ip 
cp  €  A  implies  (f  A)  U?v  ip 
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Proof.  Duplicate  the  proof  of  Lemma  6.9,  replacing  S4F  with  S4C  and  SubForm  with 
O-SubForm  in  the  analysis  of  □  in  the  succedent.  ■ 


Theorem  9.8  Kripke  completeness  and  finite  model  property  for  S4C 
Let  T0  =>  A0  be  any  sequent  in  Caa- 
7/S4C  PG_  T0=>  Ao, 

then  there  is  a  finite  continuous  Kripke  frame  1C  and  valuation  rj  for  1C  such  that  ( 1C ,  r]) 

Aro  ->  V  ^o- 

Proof.  Same  as  the  proof  of  Theorem  6.10.  ■ 


10  Consolidation  Theorems  for  S4C 

As  for  S4F,  we  consolidate  the  major  results  of  previous  sections. 


Theorem  10.1  For  all  multisets  T,  A  of  formulas  of  £na,  the  following  are  equivalent: 

(1.)  S4C  hG_  T  =►  A 
(2.)  S4C  hG  r  =*►  A 
(3.)  S4Ch*Ar->-VA 

(4.)  X  f=  A  r  — *  V  A  f0T  continuous  topological  structures  X  for  Caa, 

(5.)  1C  lh  A  r  — >  V  A  for  all  continuous  Kripke  frames  1C  for  £na, 

(6.)  1C  lh  A  r  “ t  V  ^  for  finite  continuous  Kripke  frames  K  for  £aa- 

Proof.  (1.)  =>•  (2.)  is  trivial.  (2.)  (3.)  is  Proposition  8.9.  (3.)  =>•  (4.)  is  Proposition  8.6. 

(4.)  =$>  (5.)  is  Proposition  8.4.  (5.)  =$■  (6.)  is  trivial.  (6.)  =£■  (1.)  is  Theorem  9.8.  ■ 


Corollary  10.2 

Corollary  10.3 


The  sequent  calculus  S4CG  admits  cut- elimination. 


The  logic  S4C  is  decidable. 
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